re: 5 Fatal Docker Gotcha's 😱 - for new users VIEW POST

TOP OF THREAD FULL DISCUSSION
re: Ahh yes, I probably should add this in when I revise the article for 2019. Yup secrets built into containers : especially in particular public con...
 

Great article. I think I have touched all issues you mentioned, and most of the time as expected. This article should be a must-read for all that consider using docker, but alas, too many developers just make it work not considering future consequences like how docker behave with a full disk or low RAM.

For the security that you discuss with @Artemis;

Hashicorp Vault works fine, but is not persistent as you mention in the article. Though you can connect Vault to any backend storage like Consul, HSM or just flat storage area with Vaults own encryption.

Still there will be a problem with public containers since the secrets are stored as plain text, and even in a specific location.
In a project, we got around it by using automatic generated passwords for containers like that, which means that if a container gets hacked, all that has to be done is restart the container and a new password is given.

code of conduct - report abuse